Information Security Management System (ISMS) – ISO 27001

Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization’s ISMS.

Objective of ISMS

Information security is the protection of information to ensure:

• Confidentiality: ensuring that the information is accessible only to those authorised to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

Why should I implement ISO 27001 ISMS?

• Certification of a management system brings several advantages. It gives an independent assessment of your organization’s conformity to an international standard that contains best practices from experts for ISMS.
• Meeting legislative and regulatory requirements
• As a measure and independent evidence that industry best practices are being followed.
• As part of a corporate governance program

Process for implementing ISO 27001
1. Define an information security policy
2. Define scope of the information security management system
3. Perform a security risk assessment
4. Manage the identified risk
5. Select controls to be implemented and applied
6. Prepare as SoA (a “statement of applicability”)

The Certification Process
 Guidelines – ISO/IEC 27002:2007
 Certification – ISO/IEC 27001:2005
 Stage 1 : Documentation Review & evaluate client’s readiness
 Stage 2 : Implementation audit & evaluate effectiveness of client’s systems
 Lead Auditor’s recommendation to certify
 Certificate issued by certification/registration body
 Surveillance
 Periodic review audits (6 months interval)
 Re-certification (after 3 years)

25.271139 55.307485

Penetration Testing

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

Pen test strategies include: –

Targeted testing

Targeted testing is performed by the organization’s IT team and the penetration testing team working together. It’s sometimes referred to as a “lights-turned-on” approach because everyone can see the test being carried out.

External testing

This type of pen test targets a company’s externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they’ve gained access.

Internal testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

Blind testing

A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that’s performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.

Double blind testing

Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization’s security monitoring and incident identification as well as its response procedures.

Penetration Testing Tools
1) Nmap – Worlds Best Port Scanner
2) Nessus – Vulnerability Scanner
3) Metasploit – Exploit framework
4) Pass-The-Hash – Who needs passwords?
5) Hydra – Brute force password guessing
6) Cain & Abel – The ultimate MITM utility
7) Wireshark – network protocol analyzer
8) Snort – traffic analysis and packet logging on IP networks
9) Netcat – reads and writes data across TCP or UDP network connections
10) Nikto – web server scanner which performs comprehensive tests against web servers

Books to Change Life

This is a collection of book name that changed or influenced people life. I prepared this on the basis of a Linkedin discussion. This can be helpful for reading.

Srl. No.	Book	Author
1	Quran / Bible / Gita	Quran / Bible / Gita
2	How to Win Friends and Influence People	Dale Carneg
3	7 Habits of highly effective people	Stephen MR Covey
4	The speed of trust	Stephen MR Covey
5	The Secret	Rhonda Byrne
6	Who will Cry when you Die	Robin Sharma
7	Our Iceberg is Melting	John Kotter
8	Rich dad poor dad	Robert Kiyosaki
9	The Greatness Guide	Robin Sharma
10	Don’t Worry About Tomorrow	Dale Carnegie
11	MIND MAPPING TECHNIQUES	Tony Buzan
12	MIND CONTROL METHODS	Jose Silva
13	The Goal	Eliyahu M Goldratt
14	The Saint, The Surfer and The CEO	Robin Sharma
15	Awaken the giant within	Anthony Robbins
16	The Profit Zone	Adrian Slywotzky
17	Creating a World Without Poverty	M Yunus
18	Anatomy of the Spirit	Caroline Myss
19	Seat of the Soul	Gary Zukav
20	The Palace of Nowhere	James Finley
21	Values Shift	Brian Hall
22	The Palm at the End of the Mind	Wallace Stevens
23	Creating a world without poverty	Muhammad Yunus
24	Find Your Own Way In Difficult Time	David Rascott
25	Execution	Bossidy & RamCharan
26	Built to last	Jim Collin
27	Good to great	Jim Collins
28	In Search of excellence	Thomas
29	Awakening the entrepreneur within	Michael Gerber
30	Fountainhead	Ayn Rand
31	Many Lives Many Masters	Brian Weiss’s
32	The Power of Now	Eckhard Tolle
33	Blink	Malcolm Gladwell
34	You Can Negotiate Anything	Herb Cohen
35	Old Path White clouds	Thich Nhat Hanh
36	Success Principles’	Jack Canfield
37	Notes to Myself	Hugh Prather
38	The Same Old Story	Ivan Goncharov
39	Atlas Shrugged	Ayn Rand
40	Law of Attraction	Michale Loussiar
41	Out of my comfort zone	Steve Waugh
42	When Genius Failed	Roger Lowenstein
43	The Making of a Financial Legend	Paul Volcker:
44	PURPOSE DRIVEN LIFE	Pastor Rick Warren
45	WHAT YOU SAY IS WHAT YOU GET	Pastor Don Gossett
46	WHAT’S ON IN YOUR MIND	Merlin Carothers
47	The Google Story	David Vise
48	The Palace of Illusions	Chitra Banerjee Divakaruni
49	Emotional Intelligence	Daniel Goldman
50	Unlimited Power	Anthony Robbins
51	Awaken the Giant Within	Anthony Robbins
52	Getting Things Done	David Allen
53	Lateral Thinking	Edward Debono
54	Embracing Change	Tony Buzan’s
55	Good to great	Jim Collins
56	FIRST THINGS FIRST	Stephen Covey
57	EMOTIONAL INTELLIGENCE	Stephen Covey
58	WHO MOVED MY CHEESE,	Spencer Johnson
59	You can heal your life	Louis L Hay
60	The celestine Prophecy	James Redfield
61	The truth shall set you free and The robot’s rebellion	David Icke
62	Mutant Message	Marlo Morgon
63	Johanthan Livingston seagull	Richard Bach
64	The Bridge forever	Richard Bach
65	Future Shock	Alvin Toffler
66	The range of works	Bertrand Russell
67	A Passion for Excellence	Tom Peters
68	The Seven Spiritual Laws of Success	Deepak Chopra
69	Make Your Site Sell	Ken Evoy
70	Brief history of time	Stephen Hawking
71	How to Stop Worrying and Start Living	Dale Carnegie
72	Worthy human performance	Thomas gilbert
73	cultures of organisation	Gret Hopstead
74	Love is the Killer App	Thomas Sanders
75	Rules of the Red Rubber Ball	Kevin Caroll
76	Outliers	Malcolm Gladwell
77	Talent is Overrated	Geoff Colvin
78	The Secret	Rhonda Byrne
79	Magic of thinking Big	David Schwartz
80	Eat that Frog	Brian Tracy
81	Little things Big results	Roger Fritz
82	The business School	Robert  Kiyosaki
83	Are You Ready to Succeed?	Srikumar Rao
84	Improving performance	Rummler and Brache
85	2Developing management skills	Whetton & Cameron
86	Games people Play	Eric Berne
87	The 3rd Wave	Alvin Toffler
88	Maverics at Work	William Taylor
89	Circle of Innovation	Tom Peters
90	Re Imagine	Tom Peters
91	Al Chemist	Paulo Coelho
92	Wings of Fire	APJ Kalam
93	Six thinkng Hats	De bono
94	The Man who sold the ferrari	Robin Sharma
95	Execution	Chuck Bossidy
96	In Search of excellence	Tom Peters
97	Blue Ocean strategy	Kim and Mauborgne
98	How to get whatever you want	Kopmeyers
99	The power of positive thinking	Norman Vincent Peale
100	The Magic of Thinking Big	David J Schwartz
101	Tough Times Never Last, But Tough People do	Robert H Schuller
102	Richest Man in Babylon	George S Clason
103	Who Moved my Cheese	Spencer Johnson
104	The 360 Degree Leader	John C
105	The One Minute Millionnaire	Robert Allen